[lldb-dev] Memory corruption due to Symtab::AddSymbol growth

Eugene Birukov via lldb-dev lldb-dev at lists.llvm.org
Fri May 20 12:37:15 PDT 2016 

Hi,
I am running into memory corruption in LLDB 3.8 release candidate on Linux Ubuntu 15.10. I am trying to access stack frame and the symbol on this frame is corrupted. Here is what I figured out:
"StackFrame" has field "m_sc" of type "SymbolContext""SymbolContext" has field "symbol" which is "Symbol*" pointer 
Now, when AddSymbol needs to grow its storage, the std::vector allocates new memory and makes  these "symbol" pointers dangling.Here is the call stack:
#0  0x00007ffff274188c in lldb_private::SymbolContextScope::~SymbolContextScope (this=0x12b5a58, __in_chrg=<optimized out>)    at /home/eugenebi/llvm/tools/lldb/include/lldb/Symbol/SymbolContextScope.h:75#1  0x00007ffff289f78a in lldb_private::Symbol::~Symbol (this=0x12b5a58, __in_chrg=<optimized out>)    at /home/eugenebi/llvm/tools/lldb/include/lldb/Symbol/Symbol.h:21#2  0x00007ffff28b72e8 in std::_Destroy<lldb_private::Symbol> (__pointer=0x12b5a58) at /usr/include/c++/5/bits/stl_construct.h:93#3  0x00007ffff28b5a9d in std::_Destroy_aux<false>::__destroy<lldb_private::Symbol*> (__first=0x12b5a58, __last=0x12c1710)    at /usr/include/c++/5/bits/stl_construct.h:103#4  0x00007ffff28b3e41 in std::_Destroy<lldb_private::Symbol*> (__first=0x12af710, __last=0x12c1710)    at /usr/include/c++/5/bits/stl_construct.h:126#5  0x00007ffff28b241b in std::_Destroy<lldb_private::Symbol*, lldb_private::Symbol> (__first=0x12af710, __last=0x12c1710)    at /usr/include/c++/5/bits/stl_construct.h:151#6  0x00007ffff28b2a2f in std::vector<lldb_private::Symbol, std::allocator<lldb_private::Symbol> >::_M_emplace_back_aux<lldb_private::Symbol c                           onst&> (this=0x9f6688) at /usr/include/c++/5/bits/vector.tcc:436#7  0x00007ffff28b143d in std::vector<lldb_private::Symbol, std::allocator<lldb_private::Symbol> >::push_back (this=0x9f6688, __x=...)    at /usr/include/c++/5/bits/stl_vector.h:923#8  0x00007ffff28ab0c0 in lldb_private::Symtab::AddSymbol (this=0x9f6680, symbol=...)    at /home/eugenebi/llvm/tools/lldb/source/Symbol/Symtab.cpp:70#9  0x00007ffff2acba21 in ObjectFileELF::ResolveSymbolForAddress (this=0x9f6310, so_addr=..., verify_unique=false)    at /home/eugenebi/llvm/tools/lldb/source/Plugins/ObjectFile/ELF/ObjectFileELF.cpp:2881#10 0x00007ffff273cc50 in lldb_private::Module::ResolveSymbolContextForAddress (this=0x9f5cb0, so_addr=..., resolve_scope=72, sc=...,    resolve_tail_call_address=false) at /home/eugenebi/llvm/tools/lldb/source/Core/Module.cpp:568#11 0x00007ffff2b31f04 in lldb_private::RegisterContextLLDB::InitializeZerothFrame (this=0x98687c0)    at /home/eugenebi/llvm/tools/lldb/source/Plugins/Process/Utility/RegisterContextLLDB.cpp:180#12 0x00007ffff2b31a34 in lldb_private::RegisterContextLLDB::RegisterContextLLDB (this=0x98687c0, thread=...,    next_frame=std::shared_ptr (empty) 0x0, sym_ctx=..., frame_number=0, unwind_lldb=...)    at /home/eugenebi/llvm/tools/lldb/source/Plugins/Process/Utility/RegisterContextLLDB.cpp:82#13 0x00007ffff2b2bb7a in lldb_private::UnwindLLDB::AddFirstFrame (this=0x1ee82b0)    at /home/eugenebi/llvm/tools/lldb/source/Plugins/Process/Utility/UnwindLLDB.cpp:97#14 0x00007ffff2b2cd01 in lldb_private::UnwindLLDB::DoGetFrameInfoAtIndex (this=0x1ee82b0, idx=0, cfa=@0x7fffffffc270: 18446744073709551615,    pc=@0x7fffffffc268: 18446744073709551615) at /home/eugenebi/llvm/tools/lldb/source/Plugins/Process/Utility/UnwindLLDB.cpp:422#15 0x00007ffff29ac64b in lldb_private::Unwind::GetFrameInfoAtIndex (this=0x1ee82b0, frame_idx=0, cfa=@0x7fffffffc270: 18446744073709551615,    pc=@0x7fffffffc268: 18446744073709551615) at /home/eugenebi/llvm/tools/lldb/include/lldb/Target/Unwind.h:78#16 0x00007ffff29aa4a9 in lldb_private::StackFrameList::GetFramesUpTo (this=0x9868250, end_idx=0)    at /home/eugenebi/llvm/tools/lldb/source/Target/StackFrameList.cpp:308#17 0x00007ffff29ab150 in lldb_private::StackFrameList::GetFrameAtIndex (this=0x9868250, idx=0)    at /home/eugenebi/llvm/tools/lldb/source/Target/StackFrameList.cpp:546#18 0x00007ffff29775fa in lldb_private::Thread::GetStackFrameAtIndex (this=0x7ff6a805d4f0, idx=0)    at /home/eugenebi/llvm/tools/lldb/include/lldb/Target/Thread.h:539#19 0x00007ffff1032f0e in lldb::SBThread::GetFrameAtIndex (this=0x7fffffffce30, idx=0)    at /home/eugenebi/llvm/tools/lldb/source/API/SBThread.cpp:1347
Thanks,Eugene 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/lldb-dev/attachments/20160520/e1d1a3e6/attachment.html>

More information about the lldb-dev mailing list